xenorat | 477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c | Triage

Sharing

General

Target

477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
Size

240KB
Sample

240704-t8dj5s1fqg
MD5

b41d067615ca60ffe4253297866d79be
SHA1

1aab2b69eb9f918d1e0a23a82a98411709ee2fdb
SHA256

477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
SHA512

7c5b98c2e3fbdafc0949ca9d32b9c41be044f3b99052e1119472d1999442114ed60d5949929e7b14aa028c77c7adc638ee0507362ab848af7cb4612c9313e29e
SSDEEP

6144:oGB7vPW1gnEHLltCX754KLHrdoBiEd0nJ1iaJC4E2Hjyq3RVlA44I:oOOCnEHXY7ZzreHin7iaJC4E2Hjyq3Rj

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Dolid_rat_nd8859g

Attributes

delay
60000
install_path
appdata
port
1280
startup_name
dms

Targets

- Target
  
  477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
- Size
  
  240KB
- MD5
  
  b41d067615ca60ffe4253297866d79be
- SHA1
  
  1aab2b69eb9f918d1e0a23a82a98411709ee2fdb
- SHA256
  
  477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
- SHA512
  
  7c5b98c2e3fbdafc0949ca9d32b9c41be044f3b99052e1119472d1999442114ed60d5949929e7b14aa028c77c7adc638ee0507362ab848af7cb4612c9313e29e
- SSDEEP
  
  6144:oGB7vPW1gnEHLltCX754KLHrdoBiEd0nJ1iaJC4E2Hjyq3RVlA44I:oOOCnEHXY7ZzreHin7iaJC4E2Hjyq3Rj
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan